{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T14:58:31Z","timestamp":1725548311266},"publisher-location":"Berlin, Heidelberg","reference-count":130,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642041167"},{"type":"electronic","value":"9783642041174"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-04117-4_4","type":"book-chapter","created":{"date-parts":[[2010,2,22]],"date-time":"2010-02-22T16:44:00Z","timestamp":1266857040000},"page":"59-79","source":"Crossref","is-referenced-by-count":5,"title":["Cryptographic Hash Functions"],"prefix":"10.1007","author":[{"given":"Praveen","family":"Gauravaram","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lars R.","family":"Knudsen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"4_CR1","series-title":"Discrete Mathematics and its Applications","first-page":"321","volume-title":"Handbook of Applied Cryptography","author":"A.J. Menezes","year":"1997","unstructured":"A.J.\u00a0Menezes, P.C.\u00a0Van Oorschot, S.A.\u00a0Vanstone: Handbook of Applied Cryptography, Discrete Mathematics and its Applications, Vol. 1 (CRC Press, Boca Raton, FL 1997) pp. 321\u2013383, Chap. 9"},{"key":"4_CR2","volume-title":"Analysis and design of cryptographic hash functions","author":"B. Preneel","year":"1993","unstructured":"B.\u00a0Preneel: Analysis and design of cryptographic hash functions. Ph.D. Thesis (Katholieke Universiteit Leuven, Leuven 1993)"},{"key":"4_CR3","series-title":"Discrete Mathematics and its Applications","doi-asserted-by":"crossref","DOI":"10.1201\/9781420057133","volume-title":"Cryptography: Theory and Practice","author":"D.R. Stinson","year":"2005","unstructured":"D.R.\u00a0Stinson: Cryptography: Theory and Practice, Discrete Mathematics and its Applications, Vol. 36, 3rd edn. (CRC Press, Boca Raton, FL 2005)","edition":"3"},{"issue":"2","key":"4_CR4","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1007\/s10623-005-6344-y","volume":"38","author":"D.R. Stinson","year":"2006","unstructured":"D.R.\u00a0Stinson: Some observations on the theory of cryptographic hash functions, Des. Codes Cryptogr. 38(2), 259\u2013277 (2006)","journal-title":"Des. Codes Cryptogr."},{"key":"4_CR5","series-title":"Lecture Notes in Computer Science","first-page":"416","volume-title":"Advances in Cryptology \u2013 CRYPTO 1989","author":"I. Damg\u00e5rd","year":"1989","unstructured":"I.\u00a0Damg\u00e5rd: A design principle for hash functions. In: Advances in Cryptology \u2013 CRYPTO 1989, Lecture Notes in Computer Science, Vol. 435, ed. by G.\u00a0Brassard (Springer, Berlin Heidelberg 1989) pp. 416\u2013427"},{"key":"4_CR6","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"Advances in Cryptology \u2013 CRYPTO 1996","author":"M. Bellare","year":"1996","unstructured":"M.\u00a0Bellare, R.\u00a0Canetti, H.\u00a0Krawczyk: Keying hash functions for message authentication. In: Advances in Cryptology \u2013 CRYPTO 1996, Lecture Notes in Computer Science, Vol. 1109, ed. by N.\u00a0Koblitz (Springer, Berlin Heidelberg 1996) pp. 1\u201315"},{"key":"4_CR7","unstructured":"J. Kelsey: Truncation mode for SHA, NIST\u2019s First Hash Function Workshop, October 2005, available at http:\/\/csrc.nist.gov\/groups\/ST\/hash\/first_workshop.html (accessed on 12 October 2008)"},{"key":"4_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"428","DOI":"10.1007\/BFb0011626","volume-title":"Advances in Cryptology \u2013 CRYPTO 1989","author":"R. Merkle","year":"1989","unstructured":"R.\u00a0Merkle: One way Hash Functions and DES. In: Advances in Cryptology \u2013 CRYPTO 1989, Lecture Notes in Computer Science, Vol. 435, ed. by G.\u00a0Brassard (Springer, Berlin Heidelberg 1989) pp. 428\u2013446"},{"key":"4_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/3-540-47555-9_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 1992","author":"X. Lai","year":"1992","unstructured":"X.\u00a0Lai, J.L.\u00a0Massey: Hash functions based on block ciphers. In: Advances in Cryptology \u2013 EUROCRYPT 1992, Lecture Notes in Computer Science, Vol. 658, ed. by R.A.\u00a0Rueppel (Springer, Berlin Heidelberg 1992) pp. 55\u201370"},{"issue":"5","key":"4_CR10","first-page":"1092","volume":"E87-A","author":"S. Hirose","year":"2004","unstructured":"S.\u00a0Hirose: A note on the strength of weak collision resistance, IEICE Trans. Fundam. E87-A(5), 1092\u20131097 (2004)","journal-title":"IEICE Trans. Fundam."},{"key":"4_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"430","DOI":"10.1007\/11535218_26","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"J.-S. Coron","year":"2005","unstructured":"J.-S.\u00a0Coron, Y.\u00a0Dodis, C.\u00a0Malinaud, P.\u00a0Puniya: Merkle\u2013Damg\u00e5 rd revisited: How to construct a\u00a0hash function. In: Advances in Cryptology \u2013 CRYPTO 2005, Lecture Notes in Computer Science, Vol. 3621, ed. by V.\u00a0Shoup (Springer, Berlin Heidelberg 2005) pp. 430\u2013448"},{"key":"4_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/11818175_36","volume-title":"Advances in Cryptology \u2013 CRYPTO 2006","author":"M. Bellare","year":"2006","unstructured":"M.\u00a0Bellare: New proofs for NMAC and HMAC: security without collision-resistance. In: Advances in Cryptology \u2013 CRYPTO 2006, Lecture Notes in Computer Science, Vol. 4117, ed. by C.\u00a0Dwork (Springer, Berlin Heidelberg 2006)"},{"issue":"1","key":"4_CR13","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1007\/BF00203968","volume":"3","author":"R.C. Merkle","year":"1990","unstructured":"R.C.\u00a0Merkle: A fast Software one-way hash function, J. Cryptol. 3(1), 43\u201358 (1990)","journal-title":"J. Cryptol."},{"key":"4_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"474","DOI":"10.1007\/11593447_26","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2005","author":"S. Lucks","year":"2005","unstructured":"S.\u00a0Lucks: A failure-friendly design principle for hash functions. In: Advances in Cryptology \u2013 ASIACRYPT 2005, Lecture Notes in Computer Science, Vol. 3788, ed. by B.\u00a0Roy (Springer, Berlin Heidelberg 2005) pp. 474\u2013494"},{"key":"4_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"303","DOI":"10.1007\/3-540-38424-3_22","volume-title":"Advances in Cryptology \u2013 CRYPTO 1990","author":"R. Rivest","year":"1991","unstructured":"R.\u00a0Rivest: The MD4 message digest algorithm. In: Advances in Cryptology \u2013 CRYPTO 1990, Lecture Notes in Computer Science, Vol. 537, ed. by A.\u00a0Menezes, S.A.\u00a0Vanstone (Springer, Berlin Heidelberg 1991) pp. 303\u2013311"},{"key":"4_CR16","doi-asserted-by":"crossref","unstructured":"R. Rivest: RFC 1320: The MD4 message digest algorithm (April 1992), available at http:\/\/www.faqs.org\/rfcs\/rfc1320.html (accessed on 12 October 2008)","DOI":"10.17487\/rfc1320"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"R. Rivest: The MD5 message digest algorithm, Internet Request for Comment RFC 1321, Internet Engineering Task Force (April 1992)","DOI":"10.17487\/rfc1321"},{"key":"4_CR18","unstructured":"National Institute of Standards and Technology: FIPS PUB 180: Secure hash standard (May 1993)"},{"key":"4_CR19","unstructured":"National Institute of Standards and Technology: Federal information processing standard (FIPS PUB 180-2) Secure Hash Standard (August 2002), available at http:\/\/csrc.nist.gov\/publications\/fips\/fips180-2\/fips180-2.pdf (accessed on 18 May 2008)"},{"key":"4_CR20","unstructured":"National Institute of Standards and Technology: Federal information processing standard (FIPS PUB 180-3) secure hash standard (June 2007), available at http:\/\/csrc.nist.gov\/publications\/drafts\/fips_180-3\/draft_fips-180-3_June-08-2007.pdf (accessed on 22 July 2008)"},{"key":"4_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1007\/3-540-60865-6_44","volume-title":"Fast Software Encryption","author":"H. Dobbertin","year":"1996","unstructured":"H.\u00a0Dobbertin, A.\u00a0Bosselaers, B.\u00a0Preneel: RIPEMD-160: A strengthened version of RIPEMD. In: Fast Software Encryption, Lecture Notes in Computer Science, Vol. 1039, ed. by D.\u00a0Grollman (Springer, Berlin Heidelberg 1996) pp. 71\u201382"},{"key":"4_CR22","unstructured":"ISO\/IEC 10118-3:2004: Information technology \u2013 security techniques \u2013 hash-functions. Part 3: dedicated hash-functions (International Organization for Standardization, February 2004)"},{"key":"4_CR23","unstructured":"European Network of Excellence in Cryptography (ECRYPT): Recent collision attacks on hash functions: ECRYPT position paper, technical report version 1.1 (Katholieke Universiteit Leuven, February 2005), available at http:\/\/www.ecrypt.eu.org\/documents\/STVL-ERICS-2-HASH_STMT-1.1.pdf (accessed on 28 December 2006)"},{"key":"4_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"214","DOI":"10.1007\/978-3-540-30539-2_16","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2004","author":"F. Muller","year":"2004","unstructured":"F.\u00a0Muller: The MD2 hash function is not one-way. In: Advances in Cryptology \u2013 ASIACRYPT 2004, Lecture Notes in Computer Science, Vol. 3329, ed. by P.J.\u00a0Lee (Springer, Berlin Heidelberg 2004) pp. 214\u2013229"},{"issue":"5","key":"4_CR25","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1038\/scientificamerican0573-15","volume":"228","author":"H. Feistel","year":"1973","unstructured":"H.\u00a0Feistel: Cryptography and computer privacy, Sci. Am. 228(5), 15\u201323 (1973)","journal-title":"Sci. Am."},{"key":"4_CR26","unstructured":"B.\u00a0Schneier: Applied Cryptography, 2nd edn. (John Wiley and Sons, USA 1996) Chap. 18, pp. 429\u2013460"},{"key":"4_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"368","DOI":"10.1007\/3-540-57341-0","volume-title":"Advances in Cryptology \u2013 CRYPTO 1993","author":"B. Preneel","year":"1993","unstructured":"B.\u00a0Preneel, R.\u00a0Govaerts, J.\u00a0Vandewalle: Hash functions based on block ciphers: a synthetic approach. In: Advances in Cryptology \u2013 CRYPTO 1993, Lecture Notes in Computer Science, Vol. 773, ed. by D.R.\u00a0Stinson (Springer, Berlin Heidelberg 1993) pp. 368\u2013378"},{"key":"4_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"320","DOI":"10.1007\/3-540-45708-9_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2002","author":"J. Black","year":"2002","unstructured":"J.\u00a0Black, P.\u00a0Rogaway, T.\u00a0Shrimpton: Black-box analysis of the block-cipher-based hash-function constructions from PGV. In: Advances in Cryptology \u2013 CRYPTO 2002, Lecture Notes in Computer Science, Vol. 2442, ed. by M.\u00a0Yung (Springer, Berlin Heidelberg 2002) pp. 320\u2013335"},{"key":"4_CR29","unstructured":"D.\u00a0Coppersmith, S.\u00a0Pilpel, C.H.\u00a0Meyer, S.M.\u00a0Matyas, M.M.\u00a0Hyden, J.\u00a0Oseas, B.\u00a0Brachtl, M.\u00a0Schilling: Data authentication using modification dectection codes based on a public one way encryption function, Patent 4908861 (1990)"},{"key":"4_CR30","unstructured":"C. Meyer, M. Schilling: Secure program load with manipulation detection code, Proc. 6th Worldwide Congress on Computer and Communications Security and Protection (SECURICOM 1988), Paris, 1988, pp. 111\u2013130"},{"key":"4_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/978-3-540-72540-4_3","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2007","author":"J.P. Steinberger","year":"2007","unstructured":"J.P.\u00a0Steinberger: The collision intractability of MDC-2 in the ideal-cipher model. In: Advances in Cryptology \u2013 EUROCRYPT 2007, Lecture Notes in Computer Science, Vol. 4515, ed. by M.\u00a0Naor (Springer, Berlin Heidelberg 2007) pp. 34\u201351"},{"key":"4_CR32","series-title":"Lecture Notes in Computer Science","first-page":"31","volume-title":"Integrity Primitives for Secure Information Systems. Final Report of RACE Integrity Primitives Evaluation RIPE-RACE 1040","year":"1995","unstructured":"A.\u00a0Bosselaers, B.\u00a0Preneel (Eds.): Integrity Primitives for Secure Information Systems. Final Report of RACE Integrity Primitives Evaluation RIPE-RACE 1040, Lecture Notes in Computer Science, Vol. 1007 (Springer, Berlin Heidelberg 1995) pp. 31\u201367, Chap. 2"},{"key":"4_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"148","DOI":"10.1007\/978-3-540-74735-2_11","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES Proceedings","author":"H. Yoshida","year":"2007","unstructured":"H.\u00a0Yoshida, D.\u00a0Watanabe, K.\u00a0Okeya, J.\u00a0Kitahara, H.\u00a0Wu, \u00d6.\u00a0K\u00fc\u00e7\u00fck, B.\u00a0Preneel: MAME: A compression function with reduced hardware requirements. In: Cryptographic Hardware and Embedded Systems \u2013 CHES Proceedings, Lecture Notes in Computer Science, Vol. 4727, ed. by P.\u00a0Paillier, I.\u00a0Verbauwhede (Springer, Berlin Heidelberg 2007) pp. 148\u2013165"},{"key":"4_CR34","unstructured":"V. Rijmen, P.S.L.M. Barreto: The WHIRLPOOL hash function, ISO\/IEC 10118-3:2004 (2004), available at http:\/\/www.larc.usp.br\/pbarreto\/WhirlpoolPage.html (accessed on 24 December 2008)"},{"key":"4_CR35","volume-title":"Block ciphers: analysis, design and applications","author":"L.R. Knudsen","year":"1994","unstructured":"L.R.\u00a0Knudsen: Block ciphers: analysis, design and applications. Ph.D. Thesis (\u00c5rhus University, \u00c5rhus 1994)"},{"issue":"1","key":"4_CR36","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1007\/s001459900035","volume":"11","author":"L.R. Knudsen","year":"1998","unstructured":"L.R.\u00a0Knudsen, X.\u00a0Lai, B.\u00a0Preneel: Attacks on fast double block length hash functions, J. Cryptol. 11(1), 59\u201372 (1998)","journal-title":"J. Cryptol."},{"key":"4_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"462","DOI":"10.1007\/11593447_25","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2005","author":"L.R. Knudsen","year":"2005","unstructured":"L.R.\u00a0Knudsen, F.\u00a0Muller: Some attacks against a double length hash proposal. In: Advances in Cryptology \u2013 ASIACRYPT 2005, Lecture Notes in Computer Science, Vol. 3788, ed. by B.\u00a0Roy (Springer, Berlin Heidelberg 2005) pp. 462\u2013473"},{"key":"4_CR38","first-page":"5658","volume":"27","author":"S. Matyas","year":"1985","unstructured":"S.\u00a0Matyas, C.\u00a0Meyer, J.\u00a0Oseas: Generating strong one-way functions with cryptographic algorithm, IBM Tech. Discl. Bull. 27, 5658\u20135659 (1985)","journal-title":"IBM Tech. Discl. Bull."},{"key":"4_CR39","unstructured":"D.W. Davies, W. Price: Digital signatures, an update, Proc. 5th International Conference on Computer Communications, October 1984, pp. 845\u2013849"},{"key":"4_CR40","first-page":"203","volume-title":"Proc. CRYPTO 1983","author":"R. Winternitz","year":"1984","unstructured":"R.\u00a0Winternitz: Producing a one-way hash function from DES. In: Proc. CRYPTO 1983, ed. by D.\u00a0Chaum (Plenum Press, New York London 1984) pp. 203\u2013207"},{"key":"4_CR41","doi-asserted-by":"crossref","unstructured":"R.\u00a0Winternitz: A secure one-way hash function built from DES, Proc. 1984 Symposium on Security and Privacy (SSP 1984) (IEEE Computer Society Press, 1984) pp. 88\u201390","DOI":"10.1109\/SP.1984.10027"},{"key":"4_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/BFb0034837","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 1996","author":"L.R. Knudsen","year":"1996","unstructured":"L.R.\u00a0Knudsen, B.\u00a0Preneel: Hash functions based on block ciphers and quaternary codes. In: Advances in Cryptology \u2013 ASIACRYPT 1996, Lecture Notes in Computer Science, Vol. 1163, ed. by K.\u00a0Kim, T.\u00a0Matsumoto (Springer, Berlin Heidelberg 1996) pp. 77\u201390"},{"key":"4_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/3-540-46877-3_30","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 1990","author":"S. Miyaguchi","year":"1991","unstructured":"S.\u00a0Miyaguchi, K.\u00a0Ohta, M.\u00a0Iwata: Confirmation that some hash functions are not collision free. In: Advances in Cryptology \u2013 EUROCRYPT 1990, Lecture Notes in Computer Science, Vol. 473, ed. by I.B.\u00a0Damg\u00e5rd (Springer, Berlin Heidelberg 1991) pp. 326\u2013343"},{"key":"4_CR44","unstructured":"ISO\/IEC 10118-4:1998: Information technology \u2013 security techniques \u2013 hashfunctions. Part 4: Hash-functions using modular arithmetic (1998)"},{"key":"4_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"144","DOI":"10.1007\/978-3-540-68914-0_9","volume-title":"ACNS","author":"I. Damg\u00e5rd","year":"2008","unstructured":"I.\u00a0Damg\u00e5rd, L.\u00a0Knudsen, S.\u00a0Thomsen: DAKOTA-hashing from a combination of modular arithmetic and symmetric cryptography. In: ACNS, Lecture Notes in Computer Science, Vol. 5037, ed. by S.\u00a0Bellovin, R.\u00a0Gennaro (Springer, Berlin Heidelberg 2008) pp. 144\u2013155"},{"key":"4_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"425","DOI":"10.1007\/BFb0052253","volume-title":"Advances in Cryptology \u2013 CRYPTO 1997","author":"D. Boneh","year":"1997","unstructured":"D.\u00a0Boneh, M.\u00a0Franklin: Efficient generation of shared RSA keys (extended abstract). In: Advances in Cryptology \u2013 CRYPTO 1997, Lecture Notes in Computer Science, Vol. 1294, ed. by B.S.\u00a0Kaliski Jr. (Springer, Berlin Heidelberg 1997) pp. 425\u2013439"},{"key":"4_CR47","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"306","DOI":"10.1007\/978-3-540-28628-8_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"A. Joux","year":"2004","unstructured":"A.\u00a0Joux: Multicollisions in iterated hash functions. Application to cascaded constructions.. In: Advances in Cryptology \u2013 CRYPTO 2004, Lecture Notes in Computer Science, Vol. 3152, ed. by M.\u00a0Franklin (Springer, Berlin Heidelberg 2004) pp. 306\u2013316"},{"key":"4_CR48","unstructured":"R.C.\u00a0Merkle: Secrecy, authentication, and public key systems. Ph.D. Thesis (Department of Electrical Engineering, Stanford University 1979)"},{"key":"4_CR49","volume-title":"Formal aspects of mobile code security","author":"R.D. Dean","year":"1999","unstructured":"R.D.\u00a0Dean: Formal aspects of mobile code security. Ph.D. Thesis (Princeton University, Princeton 1999)"},{"key":"4_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"474","DOI":"10.1007\/11426639_28","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"J. Kelsey","year":"2005","unstructured":"J.\u00a0Kelsey, B.\u00a0Schneier: Second Preimages on n-bit hash functions for much less than 2 n work. In: Advances in Cryptology \u2013 EUROCRYPT 2005, Lecture Notes in Computer Science, Vol. 3494, ed. by R.\u00a0Cramer (Springer, Berlin Heidelberg 2005) pp. 474\u2013490"},{"key":"4_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1007\/11761679_12","volume-title":"Advances in Cryptology-EUROCRYPT 2006","author":"J. Kelsey","year":"2006","unstructured":"J.\u00a0Kelsey, T.\u00a0Kohno: Herding hash functions and the Nostradamus attack. In: Advances in Cryptology-EUROCRYPT 2006, Lecture Notes in Computer Science, Vol. 4004, ed. by S.\u00a0Vaudenay (Springer, Berlin Heidelberg 2006) pp. 183\u2013200"},{"key":"4_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1007\/3-540-38424-3_1","volume-title":"Advances in Cryptology \u2013 CRYPTO 1990","author":"E. Biham","year":"1991","unstructured":"E.\u00a0Biham, A.\u00a0Shamir: Differential cryptanalysis of DES-like cryptosystems (extended abstract). In: Advances in Cryptology \u2013 CRYPTO 1990, Lecture Notes in Computer Science, Vol. 537, ed. by A.J.\u00a0Menezes, S.A.\u00a0Vanstone (Springer, Berlin Heidelberg 1991) pp. 2\u201321"},{"key":"4_CR53","volume-title":"Cryptanalysis of hash functions of the MD4-family","author":"M. Daum","year":"2005","unstructured":"M.\u00a0Daum: Cryptanalysis of hash functions of the MD4-family. Ph.D. Thesis (Ruhr-Universit\u00e4t Bochum, Bochum 2005)"},{"key":"4_CR54","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1007\/3-540-60865-6_43","volume-title":"Fast Software Encryption","author":"H. Dobbertin","year":"1996","unstructured":"H.\u00a0Dobbertin: Cryptanalysis of MD4. In: Fast Software Encryption, Lecture Notes in Computer Science, Vol. 1039, ed. by D.\u00a0Grollman (Springer, Berlin Heidelberg 1996) pp. 53\u201369"},{"issue":"4","key":"4_CR55","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1007\/s001459900047","volume":"11","author":"H. Dobbertin","year":"1998","unstructured":"H.\u00a0Dobbertin: Cryptanalysis of MD4, J. Cryptol. 11(4), 253\u2013271 (1998)","journal-title":"J. Cryptol."},{"key":"4_CR56","unstructured":"H. Dobbertin: Cryptanalysis of MD5 Compress, presented at the Rump Session of EUROCRYPT 1996 (1996)"},{"key":"4_CR57","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"X. Wang","year":"2005","unstructured":"X.\u00a0Wang, X.\u00a0Lai, D.\u00a0Feng, H.\u00a0Chen, X.\u00a0Yu: Cryptanalysis of the hash functions MD4 and RIPEMD. In: Advances in Cryptology \u2013 EUROCRYPT 2005, Lecture Notes in Computer Science, Vol. 3494, ed. by R.\u00a0Cramer (Springer, Berlin Heidelberg 2005) pp. 1\u201318"},{"key":"4_CR58","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"444","DOI":"10.1007\/978-3-540-71039-4_28","volume-title":"Fast Software Encryption","author":"E. Biham","year":"2008","unstructured":"E.\u00a0Biham: New techniques for cryptanalysis of hash functions and improved attacks on Snefru. In: Fast Software Encryption, Lecture Notes in Computer Science, Vol. 5086, ed. by K.\u00a0Nyberg (Springer, Berlin Heidelberg 2008) pp. 444\u2013461"},{"key":"4_CR59","series-title":"Lecture Notes in Computer Science","first-page":"19","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"X. Wang","year":"2005","unstructured":"X.\u00a0Wang, H.\u00a0Yu: How to break MD5 and other hash functions. In: Advances in Cryptology \u2013 EUROCRYPT 2005, Lecture Notes in Computer Science, Vol. 3494, ed. by R.\u00a0Cramer (Springer, Berlin Heidelberg 2005) pp. 19\u201335"},{"issue":"1","key":"4_CR60","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1007\/s11390-007-9010-1","volume":"22","author":"J. Liang","year":"2007","unstructured":"J.\u00a0Liang, X.-J.\u00a0Lai: Improved collision attack on hash function MD5, J. Comput. Sci. Technol. 22(1), 79\u201387 (2007)","journal-title":"J. Comput. Sci. Technol."},{"key":"4_CR61","unstructured":"Y. Sasaki, Y. Naito, N. Kunihiro, K. Ohta: Improved collision attack on MD5, Cryptology ePrint Archive, Report 2005\/400 (2005), available at http:\/\/eprint.iacr.org\/2005"},{"key":"4_CR62","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"412","DOI":"10.1007\/978-3-540-71039-4_26","volume-title":"Fast Software Encryption","author":"G. Leurent","year":"2008","unstructured":"G.\u00a0Leurent: MD4 is not one-way. In: Fast Software Encryption, Lecture Notes in Computer Science, Vol. 5086, ed. by K.\u00a0Nyberg (Springer, Berlin Heidelberg 2008) pp. 412\u2013428"},{"key":"4_CR63","unstructured":"Federal Information Processing Standards Publication: Secure hash standard: FIPS PUB 180 (United States Government Printing Office, 11 May 1993)"},{"key":"4_CR64","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"293","DOI":"10.1007\/3-540-48285-7_26","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 1993","author":"B. den Boer","year":"1994","unstructured":"B.\u00a0den Boer, A.\u00a0Bosselaers: Collisions for the compression function of MD5. In: Advances in Cryptology \u2013 EUROCRYPT 1993, Lecture Notes in Computer Science, Vol. 765, ed. by T.\u00a0Helleseth (Springer, Berlin Heidelberg 1994) pp. 293\u2013304"},{"key":"4_CR65","unstructured":"N.C.S. Laboratory: Secure hash standard, Federal Information Processing Standards Publication 180-1 (1995)"},{"key":"4_CR66","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"56","DOI":"10.1007\/BFb0055720","volume-title":"Advances in Cryptology \u2013 CRYPTO 1998","author":"F. Chabaud","year":"1998","unstructured":"F.\u00a0Chabaud, A.\u00a0Joux: Differential collisions in SHA-0. In: Advances in Cryptology \u2013 CRYPTO 1998, Lecture Notes in Computer Science, Vol. 1462, ed. by H.\u00a0Krawczyk (Springer, Berlin Heidelberg 1998) pp. 56\u201371"},{"key":"4_CR67","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"X. Wang","year":"2005","unstructured":"X.\u00a0Wang, Y.L.\u00a0Yin, H.\u00a0Yu: Efficient collision search attacks on SHA-0. In: Advances in Cryptology \u2013 CRYPTO 2005, Lecture Notes in Computer Science, Vol. 3621, ed. by V.\u00a0Shoup (Springer, Berlin Heidelberg 2005) pp. 1\u201316"},{"key":"4_CR68","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"290","DOI":"10.1007\/978-3-540-28628-8_18","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"E. Biham","year":"2004","unstructured":"E.\u00a0Biham, R.\u00a0Chen: Near-collisions of SHA-0. In: Advances in Cryptology \u2013 CRYPTO 2004, Lecture Notes in Computer Science, Vol. 3152, ed. by M.\u00a0Franklin (Springer, Berlin Heidelberg 2004) pp. 290\u2013305"},{"key":"4_CR69","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1007\/11426639_3","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"E. Biham","year":"2005","unstructured":"E.\u00a0Biham, R.\u00a0Chen, A.\u00a0Joux, P.\u00a0Carribault, C.\u00a0Lemuet, W.\u00a0Jalby: Collisions of SHA-0 and reduced SHA-1. In: Advances in Cryptology \u2013 EUROCRYPT 2005, Lecture Notes in Computer Science, Vol. 3494, ed. by R.\u00a0Cramer (Springer, Berlin Heidelberg 2005) pp. 36\u201357"},{"key":"4_CR70","series-title":"Lecture Notes in Computer Science","first-page":"17","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"X. Wang","year":"2005","unstructured":"X.\u00a0Wang, Y.L.\u00a0Yin, H.\u00a0Yu: Finding collisions in the full SHA-1. In: Advances in Cryptology \u2013 CRYPTO 2005, Lecture Notes in Computer Science, Vol. 3621, ed. by V.\u00a0Shoup (Springer, Berlin Heidelberg 2005) pp. 17\u201336"},{"key":"4_CR71","unstructured":"X. Wang, A. Yao, F. Yao: Cryptanalysis of SHA-1 hash function, technical report (National Institute of Standards and Technology, October 2005) available at http:\/\/csrc.nist.gov\/groups\/ST\/hash\/first_workshop.html (accessed on 29 December 2008)"},{"key":"4_CR72","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1007\/11605805_7","volume-title":"Topics in Cryptology \u2013 CT-RSA 2006","author":"M. Szydlo","year":"2006","unstructured":"M.\u00a0Szydlo, Y.L.\u00a0Yin: Collision-resistant usage of MD5 and SHA-1 via message preprocessing. In: Topics in Cryptology \u2013 CT-RSA 2006, Lecture Notes in Computer Science, Vol. 3860, ed. by D.\u00a0Pointcheval (Springer, Berlin Heidelberg 2006) pp. 99\u2013114"},{"key":"4_CR73","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"259","DOI":"10.1007\/11556992_19","volume-title":"ISC","author":"A. Satoh","year":"2005","unstructured":"A.\u00a0Satoh: Hardware architecture and cost estimates for breaking SHA-1. In: ISC, Lecture Notes in Computer Science, Vol. 3650, ed. by C.-M.\u00a0Hu, W.-G.\u00a0Tzeng (Springer, Berlin Heidelberg 2005) pp. 259\u2013273"},{"key":"4_CR74","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/978-3-540-77360-3_4","volume-title":"Selected Areas in Cryptography","author":"C.D. Canni\u00e8re","year":"2007","unstructured":"C.D.\u00a0Canni\u00e8re, F.\u00a0Mendel, C.\u00a0Rechberger: Collisions for 70-step SHA-1: on the full cost of collision search. In: Selected Areas in Cryptography, Lecture Notes in Computer Science, Vol. 4876, ed. by C.M.\u00a0Adams, A.\u00a0Miri, M.J.\u00a0Wiener (Springer, Berlin Heidelberg 2007) pp. 56\u201373"},{"key":"4_CR75","unstructured":"F. Mendel, C. Rechberger, V. Rijmen: Secure enough? Re-assessment of the World\u2019s most-used hash function (International Science Grid This Week, 2007), available at http:\/\/www.isgtw.org\/?pid=1000711 (accessed on 30 November 2008)"},{"key":"4_CR76","unstructured":"ISO\/IEC FDIS 10118-3. Information technology \u2013 security techniques \u2013 hash functions. Part 3: dedicated hash functions (International Organization for Standardization, 2003), available at http:\/\/www.ncits.org\/ref-docs\/FDIS_10118-3.pdf"},{"key":"4_CR77","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"101","DOI":"10.1007\/11836810_8","volume-title":"ISC","author":"F. Mendel","year":"2006","unstructured":"F.\u00a0Mendel, N.\u00a0Pramstaller, C.\u00a0Rechberger, V.\u00a0Rijmen: On the collision resistance of RIPEMD-160. In: ISC, Lecture Notes in Computer Science, Vol. 4176, ed. by S.K.\u00a0Katsikas, J.\u00a0Lopez, M.\u00a0Backes, S.\u00a0Gritzalis, B.\u00a0Preneel (Springer, Berlin Heidelberg 2006) pp. 101\u2013116"},{"key":"4_CR78","unstructured":"National Institute of Standards and Technology: Advanced encryption standard (AES) development effort (2001), available at http:\/\/csrc.nist.gov\/archive\/aes\/index.html (accessed on 9 November 2008)"},{"key":"4_CR79","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"407","DOI":"10.1007\/11780656_34","volume-title":"Australasian Conference on Information Security and Privacy (ACISP)","author":"P. Gauravaram","year":"2006","unstructured":"P.\u00a0Gauravaram, W.\u00a0Millan, E.\u00a0Dawson, K.\u00a0Viswanathan: Constructing secure hash functions by enhancing Merkle\u2013Damg\u00e5rd construction. In: Australasian Conference on Information Security and Privacy (ACISP), Lecture Notes in Computer Science, Vol. 4058, ed. by L.\u00a0Batten, R.\u00a0Safavi-Naini (Springer, Berlin Heidelberg 2006) pp. 407\u2013420"},{"key":"4_CR80","unstructured":"D.G. Filho, P. Barreto, V. Rijmen: The Maelstrom-0 hash function, published at 6th Brazilian Symposium on Information and Computer System Security (2006)"},{"key":"4_CR81","unstructured":"Government Committee of Russia for Standards: GOST R 34.11-94, Gosudarstvennyi Standart of Russian Federation: Information technology, cryptographic data security, hashing function (1994)"},{"key":"4_CR82","series-title":"Lecture Notes in Computer Science","first-page":"408","volume-title":"Advances in Cryptology \u2013 CRYPTO 1989","author":"J.-J. Quisquater","year":"1989","unstructured":"J.-J.\u00a0Quisquater, J.-P.\u00a0Delescaille: How easy is collision search. New results and applications to DES. In: Advances in Cryptology \u2013 CRYPTO 1989, Lecture Notes in Computer Science, Vol. 435, ed. by G.\u00a0Brassard (Springer, Berlin Heidelberg 1989) pp. 408\u2013413"},{"key":"4_CR83","doi-asserted-by":"crossref","unstructured":"B. Kaliski: RFC 1319: the MD2 message-digest algorithm (Internet Activities Board, April 1992), available at http:\/\/www.ietf.org\/rfc\/rfc1319.txt (accessed on 27 December 2008)","DOI":"10.17487\/rfc1319"},{"key":"4_CR84","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/978-3-540-79263-5_3","volume-title":"Topics in Cryptology \u2013 CT-RSA 2008","author":"P. Gauravaram","year":"2008","unstructured":"P.\u00a0Gauravaram, J.\u00a0Kelsey: Linear-XOR and additive checksums don\u2019t protect Damg\u00e5rd\u2013Merkle hashes from generic attacks. In: Topics in Cryptology \u2013 CT-RSA 2008, Lecture Notes in Computer Science, Vol. 4964, ed. by T.\u00a0Malkin (Springer, Berlin Heidelberg 2008) pp. 36\u201351"},{"key":"4_CR85","unstructured":"P. Gauravaram, J. Kelsey, L. Knudsen, S. Thomsen: On hash functions using checksums, MAT Report Series 806-56 (Technical University of Denmark, July 2008), available at http:\/\/all.net\/books\/standards\/NIST-CSRC\/csrc.nist.gov\/publications\/drafts.html#draft-SP800-56 (accessed on 21 December 2008)"},{"key":"4_CR86","unstructured":"R. Rivest: Abelian square-free dithering and recoding for iterated hash functions, technical report (October 2005), available at http:\/\/csrc.nist.gov\/pki\/HashWorkshop\/2005\/program.htm (accessed on 15 February 2007)"},{"key":"4_CR87","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"270","DOI":"10.1007\/978-3-540-78967-3_16","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"E. Andreeva","year":"2008","unstructured":"E.\u00a0Andreeva, C.\u00a0Bouillaguet, P.-A.\u00a0Fouque, J.J.\u00a0Hoch, J.\u00a0Kelsey, A.\u00a0Shamir, S.\u00a0Zimmer: Second preimage attacks on dithered hash functions. In: Advances in Cryptology \u2013 EUROCRYPT 2008, Lecture Notes in Computer Science, Vol. 4965, ed. by N.P.\u00a0Smart (Springer, Berlin Heidelberg 2008) pp. 270\u2013288"},{"key":"4_CR88","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1007\/978-3-540-76900-2_8","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2007","author":"E. Andreeva","year":"2007","unstructured":"E.\u00a0Andreeva, G.\u00a0Neven, B.\u00a0Preneel, T.\u00a0Shrimpton: Seven-property-preserving iterated hashing: ROX. In: Advances in Cryptology \u2013 ASIACRYPT 2007, Lecture Notes in Computer Science, Vol. 4833, ed. by K.\u00a0Kurosawa (Springer, Berlin Heidelberg 2007) pp. 130\u2013146"},{"key":"4_CR89","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"445","DOI":"10.1007\/3-540-45539-6_32","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2000","author":"V. Shoup","year":"2000","unstructured":"V.\u00a0Shoup: A composition theorem for universal one-way hash functions. In: Advances in Cryptology \u2013 EUROCRYPT 2000, Lecture Notes in Computer Science, Vol. 1807, ed. by B.\u00a0Preneel (Springer, Berlin Heidelberg 2000) pp. 445\u2013452"},{"key":"4_CR90","unstructured":"E. Biham, O. Dunkelman: A framework for iterative hash functions \u2013 HAIFA, Cryptology ePrint Archive, Report 2007\/278 (2007), available at http:\/\/eprint.iacr.org\/2007\/278 (accessed on 14 May 2008)"},{"key":"4_CR91","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/11818175_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2006","author":"S. Halevi","year":"2006","unstructured":"S.\u00a0Halevi, H.\u00a0Krawczyk: Strengthening digital signatures via randomized hashing. In: Advances in Cryptology \u2013 CRYPTO 2006, Lecture Notes in Computer Science, Vol. 4117, ed. by C.\u00a0Dwork (Springer, Berlin Heidelberg 2006) pp. 41\u201359, available at http:\/\/www.ee.technion.ac.il\/ hugo\/rhash\/rhash.pdf , accessed on 29 July 2008"},{"key":"4_CR92","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1007\/978-3-540-24638-1_2","volume-title":"Theory of Cryptography Conference","author":"U. Maurer","year":"2004","unstructured":"U.\u00a0Maurer, R.\u00a0Renner, C.\u00a0Holenstein: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Theory of Cryptography Conference, Lecture Notes in Computer Science, Vol. 2951, ed. by M.\u00a0Naor (Springer, Berlin Heidelberg 2004) pp. 21\u201339"},{"key":"4_CR93","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"341","DOI":"10.1007\/3-540-48658-5_32","volume-title":"Advances in Cryptology \u2013 CRYPTO 1994","author":"M. Bellare","year":"1994","unstructured":"M.\u00a0Bellare, J.\u00a0Kilian, P.\u00a0Rogaway: The security of cipher block chaining. In: Advances in Cryptology \u2013 CRYPTO 1994, Lecture Notes in Computer Science, Vol. 839, ed. by Y.G.\u00a0Desmedt (Springer, Berlin Heidelberg 1994) pp. 341\u2013358"},{"key":"4_CR94","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1145\/168588.168596","volume-title":"Proceedings of the 1st ACM Conference on Computer and Communications Security","author":"M. Bellare","year":"1993","unstructured":"M.\u00a0Bellare, P.\u00a0Rogaway: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, ed. by V.\u00a0Ashby (ACM Press, New York, NY, USA 1993) pp. 62\u201373"},{"key":"4_CR95","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/978-3-540-78967-3_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"G. Bertoni","year":"2008","unstructured":"G.\u00a0Bertoni, J.\u00a0Daemen, M.\u00a0Peeters, G.V.\u00a0Assche: On the indifferentiability of the sponge construction. In: Advances in Cryptology \u2013 EUROCRYPT 2008, Lecture Notes in Computer Science, Vol. 4965, ed. by N.P.\u00a0Smart (Springer, Berlin Heidelberg 2008) pp. 181\u2013197"},{"key":"4_CR96","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"283","DOI":"10.1007\/11935230_19","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"D. Chang","year":"2006","unstructured":"D.\u00a0Chang, S.\u00a0Lee, M.\u00a0Nandi, M.\u00a0Yung: Indifferentiable security analysis of popular hash functions with prefix-free padding. In: Advances in Cryptology \u2013 ASIACRYPT 2006, Lecture Notes in Computer Science, Vol. 4284, ed. by X.\u00a0Lai, K.\u00a0Chen (Springer, Berlin Heidelberg 2006) pp. 283\u2013298"},{"issue":"10","key":"4_CR97","doi-asserted-by":"crossref","first-page":"2301","DOI":"10.1093\/ietfec\/e90-a.10.2301","volume":"90-A","author":"H. Kuwakado","year":"2007","unstructured":"H.\u00a0Kuwakado, M.\u00a0Morii: Indifferentiability of single-block-length and rate-1 compression functions, IEICE Trans. 90-A(10), 2301\u20132308 (2007)","journal-title":"IEICE Trans."},{"issue":"5","key":"4_CR98","doi-asserted-by":"publisher","first-page":"644","DOI":"10.1109\/TIT.1976.1055638","volume":"22","author":"W. Diffie","year":"1976","unstructured":"W.\u00a0Diffie, M.\u00a0Hellman: New directions in cryptography, IEEE Trans. Inf. Theory 22(5), 644\u2013654 (1976)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"4_CR99","volume-title":"Cryptography: Theory and Practice","author":"D.R. Stinson","year":"2002","unstructured":"D.R.\u00a0Stinson: Cryptography: Theory and Practice, 2nd edn. (CRC Press, Boca Raton, FL 2002)","edition":"2"},{"key":"4_CR100","series-title":"Monographs in Theoretical Computer Science","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-662-07324-7","volume-title":"Fundamentals of Computer Security","author":"J. Pieprzyk","year":"2003","unstructured":"J.\u00a0Pieprzyk, T.\u00a0Hardjono, J.\u00a0Seberry: Fundamentals of Computer Security, Monographs in Theoretical Computer Science (Springer, Berlin Heidelberg 2003)"},{"key":"4_CR101","unstructured":"National Institute of Standards and Technology: FIPS PUB 186-2: Digital signature standard (DSS) (January 2000), available at http:\/\/csrc.nist.gov\/publications\/fips\/fips186-2\/fips186-2-change1.pdf (accessed on 15 August 2008)"},{"key":"4_CR102","unstructured":"RSA Laboratories: PKCS #1 v2.1: RSA Cryptography Standard, RSA Data Security, Inc. (June 2002), available at ftp:\/\/ftp.rsasecurity.com\/pub\/pkcs\/pkcs-1\/pkcs-1v2-1.pdf (accessed on 15 August 2008)"},{"key":"4_CR103","unstructured":"S. Bellovin, E. Rescorla: Deploying a new hash algorithm, NIST\u2019s First Hash Function Workshop, October 2005, available at http:\/\/csrc.nist.gov\/groups\/ST\/hash\/first_workshop.html (accessed on 18 May 2008)"},{"key":"4_CR104","doi-asserted-by":"crossref","unstructured":"P. Hoffman, B. Schneier: RFC 4270: Attacks on cryptographic hashes in internet protocols, Informational RFC draft (November 2005), available at http:\/\/www.rfc-archive.org\/getrfc.php?rfc=4270 (accessed on 11 December 2006)","DOI":"10.17487\/rfc4270"},{"key":"4_CR105","doi-asserted-by":"crossref","unstructured":"C.N.\u00a0Michael, X.\u00a0Su: Incorporating a new hash function in openPGP and SSL\/TLS, ITNG (IEEE Computer Society, 2007) pp. 556\u2013561","DOI":"10.1109\/ITNG.2007.109"},{"key":"4_CR106","unstructured":"D.W. Davies, W.L. Price: The application of digital signatures based on public-key cryptosystems, Proc. 5th International Computer Communications Conference, October 1980, pp. 525\u2013530"},{"key":"4_CR107","first-page":"209","volume-title":"Advances in Cryptology: Proceedings of CRYPTO","author":"S.G. Akl","year":"1983","unstructured":"S.G.\u00a0Akl: On the security of compressed encodings. In: Advances in Cryptology: Proceedings of CRYPTO, ed. by D.\u00a0Chaum (Plenum Press, New York London 1983) pp. 209\u2013230"},{"issue":"11","key":"4_CR108","doi-asserted-by":"publisher","first-page":"594","DOI":"10.1145\/359168.359172","volume":"22","author":"R. Morris","year":"1979","unstructured":"R.\u00a0Morris, K.\u00a0Thompson: Password security \u2013 a case history, Commun. ACM 22(11), 594\u2013597 (1979)","journal-title":"Commun. ACM"},{"key":"4_CR109","unstructured":"P. Hawkes, M. Paddon, G. Rose: The Mundja streaming MAC, presented at the ECRYPT Network of Excellence in Cryptology workshop on the State of the Art of Stream Ciphers, October 2004, Brugge, Belgium (2004), available at http:\/\/eprint.iacr.org\/2004\/271 (accessed on 9 November 2008)"},{"key":"4_CR110","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/3-540-60590-8","volume-title":"Advances in Cryptology \u2013 CRYPTO 1995","author":"B. Preneel","year":"1995","unstructured":"B.\u00a0Preneel, P.C.\u00a0van Oorschot: MDx-MAC and building fast MACs from hash hunctions. In: Advances in Cryptology \u2013 CRYPTO 1995, Lecture Notes in Computer Science, Vol. 963, ed. by D.\u00a0Coppersmith (Springer, Berlin Heidelberg 1995) pp. 1\u201314"},{"key":"4_CR111","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/3-540-68339-9_3","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 1996","author":"B. Preneel","year":"1996","unstructured":"B.\u00a0Preneel, P.C.\u00a0van Oorschot: On the security of two MAC algorithms. In: Advances in Cryptology \u2013 EUROCRYPT 1996, Lecture Notes in Computer Science, Vol. 1070, ed. by U.\u00a0Maurer (Springer, Berlin Heidelberg 1996) pp. 19\u201332"},{"key":"4_CR112","doi-asserted-by":"crossref","unstructured":"G. Tsudik: Message authentication with one-way hash functions, IEEE Infocom 1992 (1992) pp. 2055\u20132059","DOI":"10.1109\/INFCOM.1992.263477"},{"key":"4_CR113","volume-title":"Cryptography: a Guide for the Design and Implementation of Secure Systems","author":"C.H. Meyer","year":"1982","unstructured":"C.H.\u00a0Meyer, S.M.\u00a0Matyas: Cryptography: a Guide for the Design and Implementation of Secure Systems (John Wiley and Sons, New York 1982)"},{"key":"4_CR114","unstructured":"ANSI X9.9: Financial institution message authentication (wholesale) (1986)"},{"key":"4_CR115","doi-asserted-by":"crossref","unstructured":"H. Krawczyk, M. Bellare, R. Canetti: RFC 2104: HMAC: Keyed-hashing for message authentication (February 1997), available at http:\/\/www.ietf.org\/rfc\/rfc2104.txt (accessed on 29 December 2008)","DOI":"10.17487\/rfc2104"},{"key":"4_CR116","unstructured":"National Institute of Standards and Technology: Announcing request for candidate algorithm nominations for a new cryptographic hash algorithm (SHA-3) family, docket No. 070911510-7512-01 (November 2007), available at http:\/\/csrc.nist.gov\/groups\/ST\/hash\/sha-3\/index.html (accessed on 23 December 2008)"},{"issue":"1","key":"4_CR117","doi-asserted-by":"publisher","first-page":"188","DOI":"10.1109\/18.746787","volume":"45","author":"B. Preneel","year":"1999","unstructured":"B.\u00a0Preneel, P.C.\u00a0van Oorschot: On the security of iterated message authentication codes, IEEE Trans. Inf. Theory 45(1), 188\u2013199 (1999)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"4_CR118","doi-asserted-by":"crossref","unstructured":"P. Metzger, W. Simpson: RFC 1828 \u2013 IP authentication using keyed MD5 (August 1995), Status: proposed standard","DOI":"10.17487\/rfc1828"},{"key":"4_CR119","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"355","DOI":"10.1007\/978-3-540-73458-1_26","volume-title":"Australasian Conference on Information Security and Privacy (ACISP)","author":"K. Yasuda","year":"2007","unstructured":"K.\u00a0Yasuda: \u201cSandwich\u201d is indeed secure: how to authenticate a message with just one hashing. In: Australasian Conference on Information Security and Privacy (ACISP), Lecture Notes in Computer Science, Vol. 4586, ed. by J.\u00a0Pieprzyk, H.\u00a0Ghodosi, E.\u00a0Dawson (Springer, Berlin Heidelberg 2007) pp. 355\u2013369"},{"key":"4_CR120","unstructured":"ISO\/IEC 9797-2: Information technology \u2013 security techniques \u2013 message authentication codes (MACs). Part 2: mechanisms using a dedicated hash-function (International Organization for Standardization, Augist 2002)"},{"key":"4_CR121","unstructured":"P.\u00a0Gauravaram: Cryptographic hash functions: cryptanalysis, design and applications. Ph.D. Thesis (Information Security Institute, Queensland University of Technogy 2007)"},{"key":"4_CR122","unstructured":"National Institute of Standards and Technology: The keyed-hash message authentication code (HMAC) (March 2002), available at http:\/\/csrc.nist.gov\/publications\/fips\/fips198\/fips-198a.pdf (accessed on 29 December 2008)"},{"key":"4_CR123","unstructured":"ANSI X9.71: Keyed hash message authentication code (2000)"},{"key":"4_CR124","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/11935230_3","volume-title":"ASIACRYPT 2006","author":"S. Contini","year":"2006","unstructured":"S.\u00a0Contini, Y.L.\u00a0Yin: Forgery and partial key-recovery attacks on HMAC and NMAC using hash collisions. In: ASIACRYPT 2006, Lecture Notes in Computer Science, Vol. 4284, ed. by X.\u00a0Lai, K.\u00a0Chen (Springer, Berlin Heidelberg 2006) pp. 37\u201353"},{"key":"4_CR125","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1007\/978-3-540-74143-5_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2007","author":"P.-A. Fouque","year":"2007","unstructured":"P.-A.\u00a0Fouque, G.\u00a0Leurent, P.Q.\u00a0Nguyen: Full key-recovery attacks on HMAC\/NMAC-MD4 and NMAC-MD5. In: Advances in Cryptology \u2013 CRYPTO 2007, Lecture Notes in Computer Science, Vol. 4622, ed. by A.\u00a0Menezes (Springer, Berlin Heidelberg 2007) pp. 13\u201330"},{"key":"4_CR126","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"138","DOI":"10.1007\/978-3-540-79263-5_9","volume-title":"Topics in Cryptology \u2013 CT-RSA-2008","author":"M. Fischlin","year":"2008","unstructured":"M.\u00a0Fischlin: Security of NMAC and HMAC based on non-malleability. In: Topics in Cryptology \u2013 CT-RSA-2008, Lecture Notes in Computer Science, Vol. 4964, ed. by T.\u00a0Malkin (Springer, Berlin Heidelberg 2008) pp. 138\u2013154"},{"key":"4_CR127","unstructured":"National Institute of Standards and Technology: NIST comments on cryptanalytic attacks on SHA-1, short notice (2005), available at http:\/\/csrc.nist.gov\/groups\/ST\/hash\/statement.html (accessed on 21 December 2008)"},{"key":"4_CR128","unstructured":"National Institute of Standards and Technology: Hash functions in the round 1 of the competition (December 2008), available at http:\/\/csrc.nist.gov\/groups\/ST\/hash\/sha-3\/Round1\/index.html (accessed on 23 December 2008)"},{"key":"4_CR129","unstructured":"W. Burr: SHA-3 first round submissions, December 2008, this announcement was made in the Hash-Forum"},{"key":"4_CR130","unstructured":"ECRYPT: SHA-3 Zoo, December 2008, available at http:\/\/ehash.iaik.tugraz.at\/wiki\/The_SHA-3_Zoo (accessed on 28 December 2008)"}],"container-title":["Handbook of Information and Communication Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-04117-4_4.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,30]],"date-time":"2023-05-30T12:09:29Z","timestamp":1685448569000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-04117-4_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642041167","9783642041174"],"references-count":130,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-04117-4_4","relation":{},"subject":[],"published":{"date-parts":[[2010]]}}}